CyberheistNews Vol 13 #42 | October 17th, 2023
[DISINFO ALERT]: Israel-Hamas War Causes a Deluge of Dis- And Misinfo
Social media, and particularly X (formerly Twitter), seems to be drowning in an almost instant deluge of disinformation caused by the horrendous Israel-Hamas war that broke out. Unfortunately, this is going to be used for social engineering attacks that your workforce needs to watch out for.
A brigade of journalists, researchers, and open-source intelligence (OSINT) experts went into action. They tried to verify the torrent of videos and photos being shared online by eyewitnesses. However, people that turned to X for a grasp on the unfolding scenario found themselves wading through a swamp of disinformation.
More than ever, global catastrophes are quickly followed by a rush of disinfo, aimed at influencing the narrative. However, the velocity and magnitude of disinfo generated on X around the Israel-Hamas confrontation is troublesome.
Instead of encountering verified and scrutinized information, users on X stumbled upon video game clips masquerading as footage of Hamas aggressions, and images of firework celebrations in Algeria misrepresented as Israeli onslaughts on Hamas.
It is critical in times like this to remind your workforce that what they see on social media had better be fact-checked before they take any action. It's a sad state of affairs that you can count on social engineering attacks using this war as bait. Step your users through one of these modules that are available now on the KnowBe4 ModStore training library.
Blog post with links and screenshot:
https://blog.knowbe4.com/disinformation-alert-israel-hamas-war-causes-deluge-of-dis-and-misinformation
[Introducing PhishER Plus] Supercharge Your M365 Global Blocklist
Now there's a new, super easy way to protect your users against malicious emails through the power of KnowBe4's new PhishER Plus!
PhishER Plus gives you two extremely powerful capabilities:
Global Blocklist, an active global threat feed for Microsoft 365, and Global PhishRIP, a cutting-edge email quarantine feature that automatically removes malicious email before your user is exposed to the threat.
You can now harness the power of reported messages from over 10 million trained users worldwide with the Global Blocklist feature. It prevents future malicious emails, sharing the same sender, URL, or attachment, from reaching your users.
These are real-world phishing threats, triple-vetted by humans and AI. The result? Your Microsoft 365 email filters get a significant boost, all from within your PhishER console.
Join us for a live 30-minute demo of the Plus features of PhishER, the #1 Leader in the G2 Grid Report for SOAR Software.
With PhishER you can:
- New! Use crowdsourced intelligence from more than 10 million users to block known threats before you're even aware of them
- New! Automatically isolate and "rip" malicious emails from your users' inboxes that have bypassed mail filters
- Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
- Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
- Easily integrate with KnowBe4's email add-in, Phish Alert Button, or forward to a mailbox
Find out how adding PhishER can be a huge time-saver for your Incident Response team while ensuring your users are safe!
Date/Time: TOMORROW, Wednesday, October 18, @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-1?partnerref=CHN2
'Human-Operated' Ransomware Attacks Double in the Last Year
As attackers leave little-to-no trace of their attack patterns, more ransomware groups are shifting from automated attacks to manual attacks.
According to the newly-released Microsoft Digital Defense Report 2023, about 40% of the ransomware attacks detected were human-driven and tracked back to over 120 ransomware-as-a-service (RWaaS) affiliates.
This spike in human-operated ransomware attacks likely goes back to attackers wanting to minimize their footprint within an organization. Think of it this way — all it takes is one detection of something unusual on a single system to alert IT of the attacker's presence.
One tactic found in these types of attacks is remote encryption. Attackers can choose to encrypt data from multiple systems on a single compromised machine and copy it back to their appropriate repositories. This is much simpler for cybercriminals than deploying malware on each system and risking process-based detection.
One of the most concerning details around the use of human-operated ransomware is its growth. According to Microsoft, this model of attack has grown over 200% in the last year, and the number of RWaaS affiliates tied to these attacks has grown by 12% in the last year. This signals that 2024 will likely see significant increases in human-operated attacks.
This shift in attack models means more emphasis on initial detection before a threat actor can take control of an endpoint as their foothold into your network. With phishing still being used as the primary method for initial attacks, having a vigilant user base that is continually educated through security awareness training will reduce the likelihood that attackers can gain the needed foothold to begin a ransomware attack.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/human-operated-ransomware-attacks-double
KnowBe4 Ranked as the #1 Security Awareness Training Platform for the 17th Consecutive Quarter
The latest G2 Grid Report compares Security Awareness Training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. Based on 1,281 G2 customer reviews, KnowBe4 is the top ranked security awareness training platform with 98% of users rating 4 or 5 stars.
The KnowBe4 platform also received a 94% customer recommendation rating, 92% ease of use and 95% quality of support score. KnowBe4 has the largest market presence and G2 score among all vendors rated in the report.
KnowBe4 enables more than 65,000 organizations worldwide and their users to make smarter security decisions — every day. Using world-class training and simulated phishing, we help customers to improve their security posture, mitigate risk and manage the ongoing problem of social engineering.
In this comprehensive G2 Grid Report on the SAT market, you'll get:
- Stack rankings of SAT vendors based on validated reviews from customers
- Detailed profiles and customer ratings of the vendors in the category on G2
- Customer scores based on ease of use, likelihood to recommend, support and more
Get the Report Now
https://www.knowbe4.com/g2-grid-report-for-security-awareness-training-chn
74% of CEOs Concerned About Their Organization's Ability to Protect Against Cyber Attacks
According to the recent The Cyber-Resilient CEO report released by IT services and consulting agency Accenture, a staggering 74% of CEOs have expressed concerns about their organizations' ability to protect their businesses from cyber-attacks.
This is despite the fact that 96% of CEOs acknowledge the importance of cybersecurity for the growth and stability of their organizations. The report sheds light on the reactive versus proactive nature of CEOs when it comes to cybersecurity, which ultimately increases the risk of attacks and in turn, recovery costs. Surprisingly, 60% of CEOs admitted that their organizations do not prioritize cybersecurity in their business strategies, services or products in planning.
Part of the reasoning for this reactive stance could be explained by the incorrect perception held by more than half (54%) of CEOs that the expenses associated with implementing cybersecurity outweigh the costs incurred from experiencing a cyber attack, despite historical evidence proving otherwise.
Also, despite 90% of CEOs considering cybersecurity a differentiating factor, only 15% have dedicated board meetings for it. This may be because 91% of CEOs believe it falls under the responsibility of the CIO or chief information security officer.
The report also highlights the potential risks associated with generative AI, as it could enable cybercriminals to create highly sophisticated and undetectable cyber attacks. Almost two-thirds of CEOs (64%) expressed concerns about the use of generative AI by hackers to carry out phishing scams, social engineering attacks, and automated hacks.
"The acceleration of generative AI makes it even more essential for orgs to take measures to ensure the security of their data and digital assets," said Paolo Dal Cin, global lead of Accenture Security. "Unfortunately, it is often only after they experience a material cyber incident that they elevate cybersecurity to a board-level and C-suite priority and expand expectations beyond technology functions to better protect their organizations.
"Integrating cybersecurity risk into an enterprise risk management framework is the key to ensuring better security, regulatory compliance, business protection and customer trust."
The report identifies a small group of CEOs who excel at cyber resilience. These "cyber-resilient CEOs" use a holistic approach to cybersecurity and their organizations are better at detecting, containing and remedying cyber threats. Consequently, they have lower breach costs and achieve better financial performance, including higher revenue growth, more cost-reduction improvements, and healthier balance-sheet improvements.
On the other hand, there exists a group of CEOs known as "cyber laggards" who make up almost half (46%) of the CEOs. This group lacks consistency and rigor in taking the proactive actions that cyber-resilient CEOs do. Five actions that cyber-resilient CEOs are far more likely than cyber laggards to take proactively are:
- Making cybersecurity a part of the organization's overall strategy from the beginning
- Ensuring accountability for cybersecurity is shared across the organization
- Securing the digital infrastructure of the organization
- Extending cybersecurity strategies across organizational silos as well as with third parties
- Embracing an ongoing cyber-resilient security culture to stay ahead of the curve
Blog post with links:
https://blog.knowbe4.com/ceos-concerned-about-ability-to-protect-against-cyberattacks
[CASE STUDY] MESA Gains IT Capacity and a Stronger Security Culture
The critical infrastructure manufacturer MESA knows the importance of good IT hygiene for the hundreds of employees using its network and technology systems. MESA's director of information technology relies on KnowBe4's security awareness training (SAT) and simulated phishing platform to test employees' critical thinking skills and support a resilient security culture. MESA also deployed KnowBe4's PhishER lightweight SOAR platform to cut down on incident response time and efficiently mitigate threats.
Learn how KnowBe4's SAT and PhishER platforms allowed MESA to:
- Reduce their Phish-prone Percentage from 52% to 8.6%
- Provide in‐depth data in visualized schema and arm leadership with credible business intelligence with powerful platform reporting features
- Save nearly seven weeks' time annually for the IT team by automatically investigating, quarantining and removing malicious emails with PhishER
- Deliver security awareness training and automated investigation of user-reported email vulnerabilities across all subsidiaries through platform integration
Read the Case Study:
https://www.knowbe4.com/mesa-case-study
New Research: Phishing Remains the Most Popular Technique for Bad Actors
A report from Trustwave notes that phishing remains one of the most popular and effective techniques for attackers to gain access to organizations.
"Trustwave SpiderLabs consistently finds that phishing is one of the most effective methods attackers use to gain an initial foothold in financial services organizations," the researchers write.
"However, this method is highly dependent on the quality of the lure, the writing style, and the contextual and grammatical clues given in the phishing email. These issues have often been the weakness of phishing attacks, particularly as security awareness training has continually taught personnel what to look for."
The researchers note that generative AI tools and large language models (LLMs) are allowing cybercriminals to easily craft convincing social engineering attacks. While legitimate AI tools like ChatGPT attempt to curb malicious use, criminals have created their own versions of these tools designed to create phishing lures and malware.
"The quick maturity and expanded use of LLM technology makes the crafting of phishing emails even easier, more compelling, highly personalized, and harder to detect. Our team regularly encounters and analyzes phishing emails with malicious attachments or links against our financial services clients. We see that as LLM technology progresses, creating these compelling phishing emails will likely be made easier and effective as an attack vector. We're also seeing an increase in deepfakes as a result of more sophisticated technology."
Trustwave adds that HTML attachments are the most common malicious attachments delivered via phishing emails, and most of these emails attempt to convey a sense of urgency.
"Our team noted the most common themes of the emails containing these malicious attachments are related to voicemail notifications, payment receipts, purchase orders, remittances, bank deposits, and quotation requests," the researchers write.
"We have also observed that 24% of the emails with malicious attachments attempted to spoof American Express. DHL is next at 21% and Microsoft in third with 15%."
Blog post with links:
https://blog.knowbe4.com/phishing-most-popular-technique
Microsoft Threat Intel confirms similar observations in a post on Twitter: "The threat actor that Microsoft tracks as Storm-1575 is behind the development, support, and sale of Dadsec, a phishing-as-a-service (PhaaS) platform responsible for some of the highest volumes of phishing attacks tracked by Microsoft since it was initially seen in May 2023."
https://twitter.com/MsftSecIntel/status/1712936246467580021
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: CISA's Jen Easterly promotes fighting phishing to secure our world:
https://twitter.com/cisajen/status/1712916900659794376?s=12&t=vSAPngidkSaQJtTdB6pOmw
PPS: [NEW INFOGRAPHIC] KnowBe4's SecurityCoach Top 10 Integrations:
https://blog.knowbe4.com/securitycoach-top-10-vendor-integrations
- Lewis Carroll - Writer (1832 - 1898)
- Confucius - Philosopher (551 - 479 BC)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-13-42-disinfo-alert-israel-hamas-war-causes-a-deluge-of-dis-and-misinfo
10K Harvested Credentials Are Put Up for Sale Monthly on the Dark Web
Credential harvesting has become a business in and of itself within the cybercrime economy. New insight from Microsoft details the types of attacks your organization should watch out for.
I've attempted to cover every Microsoft 365 credential harvesting attack since the platform is so popular and is an easy target for cybercriminals. But the news coming from their newly-released Microsoft Digital Defense Report 2023 puts this type of attack into perspective.
Not only should the 10,000 credentials per month data point make you realize that these types of attacks are prevalent, but there is a black market buying at an equally-blistering pace.
In the report, Microsoft points out five specific examples of credential-harvesting attacks:
- Emails sent from a trusted third party – Compromise one account and then send a malicious email to everyone in their contact list intent on stealing each recipient's credentials.
- Using legitimate URLs – I've covered plenty of stories where threat actors used legitimate web platforms to host landing pages (that usually redirect to malicious sites) in order to bypass security scanners.
- Using OneNote attachments – The use of this file type in attacks is in response to Microsoft disabling macros and attackers needing a relatively commodity filetype supported by the largest number of potential victims possible.
- OAuth – The attacker exploits the device authorization grant process within M365 to trick a user into granting them access to their account using a phishing link.
- Targeted Attacks – Attackers do their diligence on a potential victim and create tailored attacks with appropriate look-alike domains.
In all of these cases, the onus may end up solely on the recipient user, with security solutions potentially none-the-wiser. So your users need to be as up-to-date as possible on the latest attack methods through continual security awareness training.
Blog post with link to Microsoft PDF:
https://blog.knowbe4.com/harvested-credentials-put-up-for-sale-monthly
Business Email Compromise Attacks Skyrocket to 150K Per Day
Threat actors launched 156,000 business email compromise (BEC) attempts per day between April 2022 and April 2023, according to Microsoft's latest Digital Defense Report. While most of these attempts go unanswered, criminals can receive massive payouts when they succeed.
The researchers explain, "As Microsoft's cloud services continue to evolve through innovative breakthroughs, threat actors are adapting their social engineering techniques and use of technology to carry out more sophisticated and costly BEC attacks. The success of these attacks is largely due to the growing targeting of cloud-based infrastructure, exploitation of trusted business relationships, and development of more specialized skills by the threat actors.
"Microsoft's Digital Crimes Unit (DCU) believes that increased intelligence sharing across the public and private sectors will enable a faster and more impactful response against the threat actors behind these attacks."
Microsoft also warns that BEC actors are growing increasingly sophisticated and organized. "The structure of organized criminal networks perpetrating BEC attacks is also evolving, along with the skills of the threat actors who make up these organizations," Microsoft explains.
"BEC criminal networks predominantly originate from Africa and range from a hierarchical organization with top-down command, such as the Black Axe group, to loosely organized networks managed regionally, commonly known as 'zones.'
"Many zone actors move to industrialized countries for technical education and work experience, then use their new knowledge to carry out more sophisticated attacks, such as VEC. DCU has observed some zones are organized by roles and use specialized skills to improve the efficacy of their attacks. In these instances, threat actors may be involved in one or more roles."
Microsoft has the story:
https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023
What KnowBe4 Customers Say
"Hello Stu, I have been thoroughly impressed with the KnowBe4 platform. The platform is robust and easy to understand. The support has been top-tier, Regan C. our account manager has been amazing and made onboarding a breeze."
- O.C., Director of IT
"Hi Stu, I was surprised to see that it was really you! So far we have actually been extremely impressed with your service. The staff has been very helpful answering any questions we have and setting up meetings for us to go through the steps of implementing.
Even as a small business we found it to be very useful already and we haven't implemented any real training yet. The software is much more user friendly than others we looked into. Having a real person answer your questions means a lot to who we do business with. Thanks!"
- H.K. IT Department
- Israel-Hamas conflict extends to cyberspace:
https://www.csoonline.com/article/655223/israel-palestine-conflict-extends-to-cyberspace.html
- U.S. Smashes Annual Data Breach Record With Three Months Left:
https://www.infosecurity-magazine.com/news/us-smashes-data-breach-record/
- Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks:
https://www.securityweek.com/microsoft-blames-nation-state-threat-actor-for-confluence-zero-day-attacks/
- Recommended Podcast - AI Hardware, Explained by Andreessen Horowitz:
https://a16z.com/podcast/ai-hardware-explained/
- Phishers Spoof USPS, 12 Other National Postal Services:
https://krebsonsecurity.com/2023/10/phishers-spoof-usps-12-other-natl-postal-services/#more-65255
- 10 years in review: Cost of a Data Breach:
https://securityintelligence.com/articles/cost-of-a-data-breach-10-years-in-review/
- UK opposition leader targeted by AI-generated fake audio smear:
https://therecord.media/keir-starmer-labour-party-leader-audio-smear-social-media-deepfake
- AI-Generated Voices and Deepfakes Are Surging on TikTok, Other Platforms - And European Regulators Have Had Enough:
https://www.entrepreneur.com/business-news/ai-generated-deepfakes-misinformation-concerns-on-tiktok-x/463569
- Chinese APT ToddyCat Targets Asian Telecoms, Governments:
https://www.infosecurity-magazine.com/news/chinese-apt-toddycat-asian/
- CISA shares vulnerabilities, misconfigs used by ransomware gangs:
https://www.bleepingcomputer.com/news/security/cisa-shares-vulnerabilities-misconfigs-used-by-ransomware-gangs/
- Your virtual Vaca #1 to Doha. Qatar's capital is smaller than you think!:
https://youtu.be/tgZyoB24nd8
- Your virtual Vaca #2 to impressive Maya Ruins in Mexico:
https://www.youtube.com/watch?v=UgbemrNoASU
- Your virtual Vaca #3 to Manila, Philippines in 4K HD by Drone:
https://youtu.be/wWYK6IVszPk
- I finally rode the weird, curved German elevator:
https://youtu.be/ZgDBIzClmPg
- The Mystery of Dubai's Massive Frozen Ferris Wheel:
https://youtu.be/wATQWFApLfc
- RYSE RECON Water Takeoff and Landing. I want one:
https://youtu.be/ArLw3oyYGSg
- Lockpicking Lawyer Picks the (terrible) New Elemake Mechanical Keypad Deadbolt:
https://youtu.be/xD7QPySqubs
- Extreme Adventures: Paragliding Parties, Trick Shots, Acrobatics & More. Great for a 20-min break:
https://youtu.be/xAyxis3NzF4
- Fantastic Wingsuit run over the Aiguille Verte in Chamonix:
https://youtu.be/gDYjqlVCCw4
- How Has Coca-Cola Kept Its Formula a Secret for All These Years?:
https://www.youtube.com/watch?v=TG26N8zU6Uc
- Fearless Feline Joins Doggy Dash to the Ocean:
https://www.flixxy.com/fearless-feline-joins-doggy-dash-to-the-ocean.htm?utm_source=4
- For Da Kids #1 - Dog Insists On Saying Hi To Everyone On His Train Rides:
https://youtu.be/CRvMD1gn6Ko
- For Da Kids #2 - Crane Introduces His Babies To His Human Best Friend Every Year:
https://youtu.be/-ZzjDXc-pl8
- For Da Kids #3 - These Donkeys Love Getting Into Trouble:
https://youtu.be/ZnO1MRO90EM
- For Da Kids #4 - Blind horse loves bald daddy:
https://youtu.be/rBzfhybFL_o
- For Da Kids #5 - Baby Platypus Caught on Camera:
https://youtu.be/OQryoS-t45g